GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories
Cross site scripting in mobiledoc-kit
[Moderate] CVE-2022-2932 was published for mobiledoc-kit (npm) Aug 23, 2022

Cross site scripting in yetiforce/yetiforce-crm
[Moderate] CVE-2022-2890 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial...
[Moderate] [Unreviewed] CVE-2021-36857 was published Aug 23, 2022

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba...
[Moderate] [Unreviewed] CVE-2021-36847 was published Aug 23, 2022

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape...
[Moderate] [Unreviewed] CVE-2021-24910 was published Aug 23, 2022

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN...
[Moderate] [Unreviewed] CVE-2022-32771 was published Aug 23, 2022

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN...
[Moderate] [Unreviewed] CVE-2022-32772 was published Aug 23, 2022

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11...
[Moderate] [Unreviewed] CVE-2022-30690 was published Aug 23, 2022

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo...
[Critical] [Unreviewed] CVE-2022-28712 was published Aug 23, 2022

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection...
[Critical] [Unreviewed] CVE-2022-26842 was published Aug 23, 2022

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN...
[Moderate] [Unreviewed] CVE-2022-32770 was published Aug 23, 2022

Cross site scripting in yetiforce/yetiforce-crm
[Moderate] CVE-2022-2885 was published for yetiforce/yetiforce-crm (Composer) Aug 22, 2022

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration...
[Moderate] [Unreviewed] CVE-2020-23466 was published Aug 20, 2022

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system...
[Moderate] [Unreviewed] CVE-2022-37254 was published Aug 20, 2022

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.
[Moderate] [Unreviewed] CVE-2022-0542 was published Aug 20, 2022

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
[Moderate] [Unreviewed] CVE-2022-1021 was published Aug 20, 2022

In Jellyfin before 10.8, stored XSS allows theft of an admin access token.
[Moderate] [Unreviewed] CVE-2022-35910 was published Aug 20, 2022

Incorrect Access Control and Cross Site Scripting in Jellyfin
[High] CVE-2022-35909 was published for Jellyfin.Common (NuGet) Aug 20, 2022

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista...
[Moderate] [Unreviewed] CVE-2022-35554 was published Aug 20, 2022

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to...
[Moderate] [Unreviewed] CVE-2022-29487 was published Aug 19, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5...
[Moderate] [Unreviewed] CVE-2022-28715 was published Aug 19, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5...
[Moderate] [Unreviewed] CVE-2022-30604 was published Aug 19, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5...
[Moderate] [Unreviewed] CVE-2022-33151 was published Aug 19, 2022

A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5...
[Moderate] [Unreviewed] CVE-2021-30071 was published Aug 19, 2022

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross...
[Moderate] [Unreviewed] CVE-2022-37063 was published Aug 19, 2022
ProTip! Advisories are also available from the GraphQL API.